[EMAIL PROTECTED] - Wed May 11 17:37:29 2005]:

> Current snapshots (checked on 20050503 and 20050511) and 0.9.7e do not
> work when asked to sign non-seekable input.  0.9.6c in Debian woody
> (package version 0.9.6c-2.woody.7) does work.
> 
> That is,
> 
> echo hello|openssl smime -sign -inkey privkey.pem -signer cert.crt -outform der
> 
> fails with a message "Can't rewind input file".
> 
> The failing code is at line 638 (as of 20050511) of apps/smime.c:
> 
>               if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
>                       flags |= PKCS7_STREAM;
>               p7 = PKCS7_sign(signer, key, other, in, flags);
>               /* Don't need to rewind for partial signing */
>               if (!(flags & PKCS7_STREAM) && (BIO_reset(in) != 0))
>                       {
>                       BIO_printf(bio_err, "Can't rewind input file\n");
>                       goto end;
>                       }
> 
> When signing to DER or PEM flags are not PKCS7_STREAM (and signature is
> really generated in PKCS7_sign) and then it tries to rewind input, so
> failing if it is not seekable.  But why does it need to rewind the input?
> I cannot see any reason from the user's point of view.

There is no case it needs to rewind the input now in 0.9.8+ because the
content is either stored in a memory BIO (non-detached data), not needed
(detached and PEM, DER) or streamed (detached and SMIME).

In 0.9.7 there is only one case which is detached and SMIME output
format where the signature is computed on one pass and the content
output on the second.

Patch applied.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
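
The distinction drawn in the reply, as an added example that is not part of the original message or of OpenSSL: a pipe cannot be rewound, while content first copied into memory (which the reply says 0.9.8+ does for non-detached data, using a memory BIO) needs no rewind. It uses plain POSIX calls rather than the BIO API; `try_rewind`, `slurp_fd` and `demo_pipe_input` are hypothetical names and the input is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: seek fd back to offset 0.
 * Returns 0 on success, else errno (ESPIPE for pipes, FIFOs, sockets). */
int try_rewind(int fd)
{
    return lseek(fd, 0, SEEK_SET) == (off_t)-1 ? errno : 0;
}

/* Hypothetical helper: read fd to EOF into a heap buffer so the content
 * can be processed more than once without seeking. Returns 0 on success. */
int slurp_fd(int fd, unsigned char **out, size_t *len)
{
    size_t cap = 4096, used = 0;
    unsigned char *buf = malloc(cap), *tmp;
    if (buf == NULL) return -1;
    for (;;) {
        if (used == cap) {                       /* grow before reading */
            if ((tmp = realloc(buf, cap * 2)) == NULL) { free(buf); return -1; }
            buf = tmp; cap *= 2;
        }
        ssize_t n = read(fd, buf + used, cap - used);
        if (n < 0 && errno == EINTR) continue;   /* retry interrupted read */
        if (n < 0) { free(buf); return -1; }
        if (n == 0) break;                       /* EOF */
        used += (size_t)n;
    }
    *out = buf; *len = used;
    return 0;
}

/* Constructed demo, like `echo hello | ...`: returns 0 when the pipe
 * refuses the rewind but the buffered copy holds the full input. */
int demo_pipe_input(void)
{
    static const char msg[] = "hello\n";         /* constructed sample input */
    unsigned char *data; size_t len; int p[2];
    if (pipe(p) != 0) return -1;
    if (write(p[1], msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1)) return -1;
    close(p[1]);
    int rew = try_rewind(p[0]);                  /* expected: ESPIPE */
    int rc = slurp_fd(p[0], &data, &len);
    close(p[0]);
    if (rc != 0) return -1;
    int ok = rew == ESPIPE && len == sizeof msg - 1 && !memcmp(data, msg, len);
    free(data);
    return ok ? 0 : 1;
}

int main(void) { return demo_pipe_input(); }
```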
